Improvement upon Mutual Password Authentication Scheme

Many password authentication schemes have been proposed for electronic commerce environment; however, none of them is secure enough. Hwang and Yeh proposed an improvement on the Peyravian-Zunic password authentication scheme including protected password transmission and password change. We demonstrate that the Hwang-Yeh scheme is also vulnerable to several kinds of attacks though the scheme has repaired some security problems of the Peyravianis-Zunic scheme. Furthermore, we propose an improved scheme to enhance security of their scheme in the paper. Based on collision-resistant hash function, the proposal employs techniques of salting, time stamp and trusted computing to be free from worries of possible common attacks, such as replay attack, guessing attack, stolen-verifier attack, denial of service attack, impersonation attack, and server spoofing attack. According to security analysis over insecure networks, the proposed scheme is the most secure scheme among the Peyravian-Zunic scheme, the Hwang-Yeh scheme, the Peyravian-Jeffries scheme, and the Wang-Zhang scheme.